TLS issue

List overview All Threads
Download

newer

older

TLSA module compile errors

remove header from reply?

M Arqum CH

18 Aug 2022 18 Aug '22

8:48 p.m.

Dear All,

Thank you in advance .

Facing issue is setting up tls with kamailio 5.5.4 on ec2 Amazon linux server.

Getting this error.

Aug 18 20:36:33 abc.domain /usr/local/mykamailio/sbin/kamailio[10772]: ERROR: tls [tls_server.c:1329]: tls_h_read_f(): protocol level error Aug 18 20:36:33 abc.domain /usr/local/mykamailio/sbin/kamailio[10772]: ERROR: tls [tls_util.h:42]: tls_err_ret(): TLS accept:error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca Aug 18 20:36:33 abc.domain /usr/local/mykamailio/sbin/kamailio[10772]: ERROR: tls [tls_server.c:1333]: tls_h_read_f(): src addr: 143.198.11.1:62033 ///client ip Aug 18 20:36:33 abc.domain /usr/local/mykamailio/sbin/kamailio[10772]: ERROR: tls [tls_server.c:1336]: tls_h_read_f(): dst addr: 172.36.53.1:5061 ///ec2 local ip Aug 18 20:36:33 abc.domain /usr/local/mykamailio/sbin/kamailio[10772]: ERROR: <core> [core/tcp_read.c:1481]: tcp_read_req(): ERROR: tcp_read_req: error reading - c: 0xffff80d78a10 r: 0xffff80d78b38 (-1)

TLS Config [server:default] method = TLSv1+ verify_certificate = no require_certificate = nocertificate=/usr/local/ssl/certs/cert.pem private_key=/usr/local/ssl/certs/fullkey.pem server_name = abc.domain

Also tried this conf [server:default] method = TLSv1+ ///tries all version options

verify_certificate = no require_certificate = no certificate=/usr/local/ssl/certs/ abc.domain.crt private_key=/usr/local/ssl/certs/ abc.domain.key server_name = abc.domain.link

openssl version OpenSSL 1.0.2k-fips 26 Jan 2017

please guide.

-- Regards Arqum

Attachments:

attachment.html (text/html — 2.0 KB)

Show replies by date

Henning Westerholt

19 Aug 19 Aug

9:40 a.m.

Hello,

try to add the „ca_list” parameter to your ca file, it seems an error related to that.

Cheers,

Henning

-- Henning Westerholt – https://skalatan.de/blog/ Kamailio services – https://gilawa.com https://gilawa.com/

From: sr-users sr-users-bounces@lists.kamailio.org On Behalf Of M Arqum CH Sent: Thursday, August 18, 2022 10:49 PM To: Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org Subject: [SR-Users] TLS issue

Dear All,

Thank you in advance .

Facing issue is setting up tls with kamailio 5.5.4 on ec2 Amazon linux server.

Getting this error.

Aug 18 20:36:33 abc.domain /usr/local/mykamailio/sbin/kamailio[10772]: ERROR: tls [tls_server.c:1329]: tls_h_read_f(): protocol level error Aug 18 20:36:33 abc.domain /usr/local/mykamailio/sbin/kamailio[10772]: ERROR: tls [tls_util.h:42]: tls_err_ret(): TLS accept:error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca Aug 18 20:36:33 abc.domain /usr/local/mykamailio/sbin/kamailio[10772]: ERROR: tls [tls_server.c:1333]: tls_h_read_f(): src addr: 143.198.11.1:62033http://143.198.11.1:62033 ///client ip Aug 18 20:36:33 abc.domain /usr/local/mykamailio/sbin/kamailio[10772]: ERROR: tls [tls_server.c:1336]: tls_h_read_f(): dst addr: 172.36.53.1:5061http://172.36.53.1:5061 ///ec2 local ip Aug 18 20:36:33 abc.domain /usr/local/mykamailio/sbin/kamailio[10772]: ERROR: <core> [core/tcp_read.c:1481]: tcp_read_req(): ERROR: tcp_read_req: error reading - c: 0xffff80d78a10 r: 0xffff80d78b38 (-1)

Also tried this conf [server:default] method = TLSv1+ ///tries all version options

verify_certificate = no require_certificate = no certificate=/usr/local/ssl/certs/ abc.domain.crt private_key=/usr/local/ssl/certs/ abc.domain.key server_name = abc.domain.link

openssl version OpenSSL 1.0.2k-fips 26 Jan 2017

please guide.

-- Regards Arqum

M Arqum CH

9:12 p.m.

Hi Henning, Thank you for your reply. yes there is ca_list parameter .. but no idea from where i can get that list. can you please guide me on how to get ca_list, how would I generate ca_list.

thanks

On Fri, Aug 19, 2022 at 2:40 PM Henning Westerholt hw@gilawa.com wrote:

...

Hello,

try to add the „ca_list” parameter to your ca file, it seems an error related to that.

Cheers,

Henning

--

Henning Westerholt – https://skalatan.de/blog/

Kamailio services – https://gilawa.com

*From:* sr-users sr-users-bounces@lists.kamailio.org *On Behalf Of *M Arqum CH *Sent:* Thursday, August 18, 2022 10:49 PM *To:* Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org *Subject:* [SR-Users] TLS issue

Dear All,

Thank you in advance .

Facing issue is setting up tls with kamailio 5.5.4 on ec2 Amazon linux server.

Getting this error.

Aug 18 20:36:33 abc.domain /usr/local/mykamailio/sbin/kamailio[10772]: ERROR: tls [tls_server.c:1329]: tls_h_read_f(): protocol level error Aug 18 20:36:33 abc.domain /usr/local/mykamailio/sbin/kamailio[10772]: ERROR: tls [tls_util.h:42]: tls_err_ret(): TLS accept:error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca Aug 18 20:36:33 abc.domain /usr/local/mykamailio/sbin/kamailio[10772]: ERROR: tls [tls_server.c:1333]: tls_h_read_f(): src addr: 143.198.11.1:62033 ///client ip Aug 18 20:36:33 abc.domain /usr/local/mykamailio/sbin/kamailio[10772]: ERROR: tls [tls_server.c:1336]: tls_h_read_f(): dst addr: 172.36.53.1:5061 ///ec2 local ip Aug 18 20:36:33 abc.domain /usr/local/mykamailio/sbin/kamailio[10772]: ERROR: <core> [core/tcp_read.c:1481]: tcp_read_req(): ERROR: tcp_read_req: error reading - c: 0xffff80d78a10 r: 0xffff80d78b38 (-1)

TLS Config

[server:default] method = TLSv1+ verify_certificate = no require_certificate = nocertificate=/usr/local/ssl/certs/cert.pem private_key=/usr/local/ssl/certs/fullkey.pem server_name = abc.domain

Also tried this conf

[server:default] method = TLSv1+ ///tries all version options

verify_certificate = no require_certificate = no certificate=/usr/local/ssl/certs/ abc.domain.crt private_key=/usr/local/ssl/certs/ abc.domain.key server_name = abc.domain.link

openssl version OpenSSL 1.0.2k-fips 26 Jan 2017

please guide.

--

Regards

Arqum

-- Regards M Arqum

Ankit Jayswal

22 Aug 22 Aug

4:39 a.m.

Hello, For adding the CA list below is the article that can help you.

*https://telecom.altanai.com/2018/09/04/kamailio-webrtc-sip-server/ https://telecom.altanai.com/2018/09/04/kamailio-webrtc-sip-server/*

Search the line, *find / -name cacert.pem* there you will find the steps to get it. But in my case it works without *ca_list* also.

On Sat, Aug 20, 2022 at 2:45 AM M Arqum CH marqumch@gmail.com wrote:

...

Hi Henning, Thank you for your reply. yes there is ca_list parameter .. but no idea from where i can get that list. can you please guide me on how to get ca_list, how would I generate ca_list.

thanks

On Fri, Aug 19, 2022 at 2:40 PM Henning Westerholt hw@gilawa.com wrote:

...
Hello,

try to add the „ca_list” parameter to your ca file, it seems an error related to that.

Cheers,

Henning

--

Henning Westerholt – https://skalatan.de/blog/

Kamailio services – https://gilawa.com

*From:* sr-users sr-users-bounces@lists.kamailio.org *On Behalf Of *M Arqum CH *Sent:* Thursday, August 18, 2022 10:49 PM *To:* Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org *Subject:* [SR-Users] TLS issue

Dear All,

Thank you in advance .

Facing issue is setting up tls with kamailio 5.5.4 on ec2 Amazon linux server.

Getting this error.

Aug 18 20:36:33 abc.domain /usr/local/mykamailio/sbin/kamailio[10772]: ERROR: tls [tls_server.c:1329]: tls_h_read_f(): protocol level error Aug 18 20:36:33 abc.domain /usr/local/mykamailio/sbin/kamailio[10772]: ERROR: tls [tls_util.h:42]: tls_err_ret(): TLS accept:error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca Aug 18 20:36:33 abc.domain /usr/local/mykamailio/sbin/kamailio[10772]: ERROR: tls [tls_server.c:1333]: tls_h_read_f(): src addr: 143.198.11.1:62033 ///client ip Aug 18 20:36:33 abc.domain /usr/local/mykamailio/sbin/kamailio[10772]: ERROR: tls [tls_server.c:1336]: tls_h_read_f(): dst addr: 172.36.53.1:5061 ///ec2 local ip Aug 18 20:36:33 abc.domain /usr/local/mykamailio/sbin/kamailio[10772]: ERROR: <core> [core/tcp_read.c:1481]: tcp_read_req(): ERROR: tcp_read_req: error reading - c: 0xffff80d78a10 r: 0xffff80d78b38 (-1)

TLS Config

[server:default] method = TLSv1+ verify_certificate = no require_certificate = nocertificate=/usr/local/ssl/certs/cert.pem private_key=/usr/local/ssl/certs/fullkey.pem server_name = abc.domain

Also tried this conf

[server:default] method = TLSv1+ ///tries all version options

verify_certificate = no require_certificate = no certificate=/usr/local/ssl/certs/ abc.domain.crt private_key=/usr/local/ssl/certs/ abc.domain.key server_name = abc.domain.link

openssl version OpenSSL 1.0.2k-fips 26 Jan 2017

please guide.

--

Regards

Arqum

-- Regards M Arqum __________________________________________________________ Kamailio - Users Mailing List - Non Commercial Discussions

sr-users@lists.kamailio.org

Important: keep the mailing list in the recipients, do not reply only to the sender! Edit mailing list options or unsubscribe:

https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

912

Age (days ago)

916

Last active (days ago)

sr-users@lists.kamailio.org

3 comments

3 participants

tags (0)

participants (3)

Ankit Jayswal
Henning Westerholt
M Arqum CH